How to recover the password and enablepass

Unanswered Question
Oct 10th, 2007
User Badges:


I can log on to the 4006 sw using tacacs but can't change the passwords as the are shown as encrypted. I used the encrypted as a old password but is not taking. I forgot the old password. CiscoWorks is not configured to use SNMP.

How can I get the old password to change it?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
theobagm Wed, 10/10/2007 - 13:46
User Badges:

I do not believe that either the password and the enable password are ever stored unencrypted on a CatOS system. Under IOS 'no service password-encryption' will show all passwords in clear text except the enable secret. If you can access the physical console port and can tolerate the down time of a power cycle followed by a recovery process try this

Otherwise I know of NO way to get the unencrypted password once it has been forgotten.

glen.grant Wed, 10/10/2007 - 14:57
User Badges:
  • Purple, 4500 points or more

Unless you have a snmp wizard who knows snmp inside and out there is no other way . The one way that might work if you have another 4006 that you know the password I "think" you can copy that encrypted string into a file on a tftp server then config net that file then change the password the normal way . I believe I changed it that way once a long time ago .

Kevin Dorrell Wed, 10/10/2007 - 17:36
User Badges:
  • Green, 3000 points or more

But you would need the enable secret in order to to the TFTP, wouldn't you?

Ordinary "encrypted" passwords are too easy to crack if you know the encrypted version - there are tools all over the Internet to do so. Level '5', on the other hand, are much more secure - I don't know any tool that will do it.

Kevin Dorrell


aminhaq Mon, 10/15/2007 - 07:47
User Badges:

This is a CatOS switch I was talking to.


This Discussion